Several trade groups focused on healthcare issues have come together to publish a letter urging the ONC to rethink aspects of its proposed interoperability rule tackling health data sharing, privacy and information blocking. ONC filed the proposed rule as part of a package of rules being put in place to implement the 21st Century Cures Act.
The groups signing the letter include the AMA, CHIME, AHIMA, AMIA, Federation of American Hospitals, Medical Group Management Association and Premier.
Addressed to the Senate Committee on Health, Education, Labor and Pensions, the letter argues that as it stands, the proposed rule would undercut their members’ ability to move toward a better healthcare system and greater data interoperability.
To address this problem, they suggest, the ONC should issue a Supplemental Notice of Proposed Rulemaking, effectively an extension on the rule adoption deadline, and gather more input from stakeholders on some important topics.
One issue they’d like to see addressed is language in Part 171 of the proposed rule, which includes information blocking exceptions, as they believe its definition is of what qualifies for exceptions is currently “complex and confusing.”
In particular, the groups would like to see the rule’s definition of electronic health information clarified. Without such a clarification, they argue, clinicians, hospitals and health information professionals may be unsure whether they’re eligible for an exception to information blocking requirements.
Also, the letter argues that the rule should include requirements that certified APIs strengthen patients’ control over their own data. As things stand, it says, the widespread use of APIs and third-party applications for health information management could result in data being shared that patients didn’t intend to share.
To this end, they suggest, ONC should develop security guidelines for vendors and providers as they bring third-party apps onto their systems. This could include a requirement that API technology suppliers conduct surveillance and mitigate threats and vulnerabilities that could be introduced to other systems connecting via API, it says. Of course, some could interpret this suggestion as an excuse for EHR vendors to not share data that should be shared.
In addition, the group would like to see CEHRT data segmentation capabilities in use as more sensitive patient data is exchanged, allowing for tagging and privacy labeling of this data.
Meanwhile, they argue, ONC should establish reasonable timelines for any use of certified health IT that requires, including enough time to deploy and test these systems in a way which address regulatory mandates.
The letter also argues that HHS should use discretion in its initial enforcement of the data blocking provision of the rule, putting a priority on education and corrective action plans over monetary penalties.
To help improve compliance with information blocking requirements, they suggest that ONC provide examples of actions that would meet information blocking exception requirements before the related final rule becomes effective.